Rodrigue Le Bayon
rodriguelebayon.bsky.social
Head of CERT @OrangeCyberdefense
https://research.cert.orangecyberdefense.com/
Reposted by Rodrigue Le Bayon
Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense.
Craft CMS RCE exploit chain used in zero-day attacks to steal data
www.bleepingcomputer.com
April 25, 2025 at 7:44 PM
Reposted by Rodrigue Le Bayon
#CVE-2025-32432 #0day #CraftCMS discovered by Orange Cyberdefense

💥Unauthenticated Remote Code Execution. No CVSS yet; we suggest giving it a 10

📌40,000 IP addresses representing over 37,000 domain names exposed, 12,168 unique domains vulnerable

Blog:

blog.onyphe.io/en/cve-2025-...
CVE-2025-32432 – 0day Craft CMS discovered by Orange Cyberdefense – Blog | Big Data for Cyber Defense
blog.onyphe.io
April 25, 2025 at 3:45 PM
Reposted by Rodrigue Le Bayon
💥Detection method for #symlink #backdoor on #fortinet

"we are willing to share it, privately"

More than 18k devices compromised

Read more: blog.onyphe.io/en/symlink-b...
Symlink backdoor on Fortinet SSL-VPN devices – Blog | Big Data for Cyber Defense
blog.onyphe.io
April 21, 2025 at 12:49 PM
Reposted by Rodrigue Le Bayon
Trump going after his former CISA director @thekrebscycle.bsky.social, who debunked his 2020 lies. He just ordered a probe of Krebs' leadership of CISA (including any "censorship"), revoked Krebs' clearances, and suspended those of his @sentinelone.com colleagues. www.whitehouse.gov/fact-sheets/...
April 9, 2025 at 9:52 PM
Reposted by Rodrigue Le Bayon
🆕New version of #Emmenhtal loader actively distributed worldwide since early March, leading to #Lumma or #Rhadamanthys stealers.
Very low AV detection on VT for now.
Similarly to V2, Emmenhtal V3 masquerades as #mp3 or #mp4 files, including relaxation songs.🧘‍♀️
March 17, 2025 at 3:56 PM
Reposted by Rodrigue Le Bayon
What can be done to prevent phishing attacks? We speak to cyberdefence expert @rodriguelebayon.bsky.social, Head of Global CERT at Orange Cyberdefense, who tells us more about the growing problem and what we can do to stop it.
👉See the interview: www.france24.com/en/tv-shows/...
Entre Nous - Fighting cybercrime: What can be done to prevent phishing attacks?
Have you ever received a phone call from a number you don't know, offering you a job that's too good to be true? Or received a link to pay for a package that's supposedly in your name? In many of thos...
www.france24.com
March 26, 2025 at 10:02 AM
Reposted by Rodrigue Le Bayon
Silent Push has discovered a Chinese CDN that rents IPs from major cloud providers and makes them available to various cybercrime operations.

FUNNULL has hosted phishing portals, online romance scams, and gambling sites linked to money laundering operations.

www.silentpush.com/blog/infrast...
Infrastructure Laundering: Silent Push Exposes Cloudy Behavior Around FUNNULL CDN Renting IPs from Big Tech
Infrastructure Laundering is a criminal practice of intermediaries enabling threat actors to hide infrastructure with major cloud providers.
www.silentpush.com
February 1, 2025 at 9:28 PM
Reposted by Rodrigue Le Bayon
The man considered to be the father of Babar: the end of this Pwned episode on the "Animal Farm". pwned.substack.com/p/celui-qui-...
The man considered to be the father of Babar
In which we discover that the choice of the name Babar may have a second meaning.
pwned.substack.com
January 27, 2025 at 9:20 AM
Reposted by Rodrigue Le Bayon
ANSSI is now also on 🦋 #Bluesky!
Find us here to follow all our #cyber news.
January 27, 2025 at 12:53 PM
Reposted by Rodrigue Le Bayon
#CIRCL announces the release of new and updated open-source training materials for #digitalforensics, over 340 updated and comprehensive slides designed to empower your learning journey.
www.circl.lu/services/for... #DFIR
December 24, 2024 at 9:24 AM